Bug #101914 | Contribution: Add support for VERIFY_CA and VERIFY_IDENTITY SslMode\'s | ||
---|---|---|---|
Submitted: | 8 Dec 2020 15:42 | Modified: | 25 Feb 2021 14:19 |
Reporter: | OCA Admin (OCA) | Email Updates: | |
Status: | Closed | Impact on me: | |
Category: | MySQL Server: Document Store: MySQL Shell | Severity: | S3 (Non-critical) |
Version: | OS: | Any | |
Assigned to: | CPU Architecture: | Any |
[8 Dec 2020 15:42]
OCA Admin
[8 Dec 2020 15:42]
OCA Admin
Contribution submitted via Github - Add support for VERIFY_CA and VERIFY_IDENTITY SslMode's (*) Contribution by Daniël van Eeden (Github dveeden, mysql-shell/pull/7#issuecomment-740665533): I confirm the code being submitted is offered under the terms of the OCA, and that I am authorized to contribute it.
Contribution: git_patch_534350026.txt (text/plain), 5.12 KiB.
[8 Dec 2020 16:41]
MySQL Verification Team
Thank you for the contribution.
[25 Feb 2021 14:19]
David Moss
Thank you for your feedback, this has been fixed in upcoming versions and the following was added to the 8.0.24 change log: The memberSslMode option did not support the VERIFY_CA and VERIFY_IDENTITY modes for the following operations: dba.createCluster() Cluster.addInstance() Cluster.rejoinInstance() Now, the memberSslMode option supports these modes, and when they are used there is a validation to ensure that the CA certificates are supplied. If you choose to use the VERIFY_CA or VERIFY_IDENTITY mode, on each cluster instance you must manually supply the CA certificates using the ssl_ca and/or ssl_capath option. For more information, see Securing your Cluster. Thanks to Daniël van Eeden for the contribution.